Details:
| Summary | The Italian DPA (Garante) imposed a fine of EUR 10,000 on the municipality of Luino. The controller had published a document containing personal data of a local council member. In addition to personal data, the document also contained information about a complaint procedure filed against him by the mayor. The freely accessible document could be downloaded without further authentication. Furthermore, the municipality had failed to name a data protection officer and to provide the DPA with his/her contact details. |
| Link: | link |
| Related articles: | Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR, Art. 37 (1) a) GDPR, Art. 37 (7) GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 10,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/